Rafal Los

Rafal Los is Managing Director, Solutions R&D within the Office of the CISO for Optiv, which was created in 2015 from the merger of Accuvant and FishNet Security. Los leads a team developing research-backed guidance addressing key program challenges for enterprise security leaders. Prior to joining Optiv, Los served as principal, strategic security services at HP Enterprise Security Services. Previously at HP, Los served several diverse roles including security strategist of enterprise security products where he advised customers on implementing practical solutions. Los also held various positions at GE entities and various other start-ups. Follow Rafal on Twitter: @Wh1t3rabbit.

If enterprise information security is to make stride in a positive direction we need less of the self-aggrandizing “expert” and more of those who can aggregate and distill tribal knowledge into wisdom.

Everyone is talking about the shortage in security talent. Literally, everyone. It’s not for naught though, when you look at the sheer volume of open positions out there. We must have a talent shortage, right?

It’s your job to understand your limitations on the understanding of risk and to responsibly formulate defensible calculations that drive your tactics and strategy. Using “probability” as a metric is not only black magic, but it’s going to give you the wrong answer.

These two key pieces of data from your network infrastructure are invaluable to your security analysis - yet you likely don’t ever look at it, you most certainly don't have access to it and you probably wouldn't be able to make sense of it if you had it.